EnBw SENEC Legacy Storage Box Access Control Error Vulnerability
EnBw SENEC Legacy Storage Box is a series of storage boxes from EnBw Germany. An Access Control Error vulnerability exists in EnBw SENEC legacy storage Box versions V1 through V3, which stems from improper access control and leads to log disclosure...
WordPress Plugin Popup box security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
ghostscript security and bug fix update
9.27-11 - fix for CVE-2023-4042 - Resolves: rhbz2228153; 9.27-10 - fix for CVE-2023-38559 - Resolves: rhbz2224371; 9.27-9 - fix for CVE-2023-28879 - Resolves: rhbz2188297; 9.27-8 - fix embedding of CIDFonts - Resolves: rhbz2169890; 9.27-7 - fix bbox device calculating bounding box incorrectly -...
UBUNTU-CVE-2023-47384
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...
EnBw SENEC Legacy Storage Box Log Disclosure
Advisory ID: Ph0s-2023-001; Product: EnBw - SENEC legacy storage box: V1-V3; Manufacturer: SENEC - a part of EnBw; Affected Versions: Firmware: all as of 2023-06-19; Tested Versions: current; Vulnerability Type: CWE-284: Improper Access Control; Risk Level: CVSS v3.1 Vector:...
Popup box < 3.8.6 - Admin+ Stored XSS in Categories
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: 1. Go to "Popup Box Categories" 2...
EnBw SENEC Legacy Storage Box Information Disclosure
Advisory ID: Ph0s-2023-002; Product: EnBw - SENEC legacy storage box: V1-V3; Manufacturer: SENEC - a part of EnBw; Affected Versions: Firmware: all as of 2023-06-19; Tested Versions: current; Vulnerability Type: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; Risk Level: CVSS v3.1...
Popup box < 3.8.6 - Admin+ Stored XSS in Popup Settings
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Add a new Popup 2. In the "Popups...
Popup box < 3.8.6 - Admin+ Stored XSS in Categories
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). 1. Go to "Popup Box Categories" 2. Add...
CVE-2023-4390
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
Design/Logic Flaw
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
CVE-2023-4390
Affected product: WordPress Popup box plugin (versions before 3.7.2). Vulnerability: admin+ stored cross-site scripting due to insufficient sanitization/escaping of certain Popup fields, enabling arbitrary script injection even when unfiltered_html is disallowed (notably in multisite setups). Imp...
CVE-2023-4390 Popup box < 3.7.2 - Admin+ Stored Cross-Site Scripting
The Popup box WordPress plugin before 3.7.2 does not sanitize and escape some Popup fields, which could allow high-privilege users such as an administrator to inject arbitrary web scripts even when the unfiltered_html capability is disallowed (for example in a multisite setup)...
WordPress Popup box Plugin < 3.7.2 is vulnerable to Cross Site Scripting (XSS)
Software: Popup box; Type: Plugin; Vulnerable versions: < 3.7.2; Fixed in: 3.7.2; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-4390; Patch priority: Low; CVSS severity: Low (5.9); PSID: 4da53333beaa; Credits: Prasad Borvankar; Required...
WordPress Plugin Popup box Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2023-5817
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated...
CVE-2023-5817 Neon text <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Neon text plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's neontext_box shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes (color). This makes it possible for authenticated...
Popup Box < 3.7.9 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. 1. Create a new popup via /wp-admin/admin.php?page=ays-pb&action=add 2. Set its "Custom...
Popup Box < 3.7.9 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. PoC: 1. Create a new popup via /wp-admin/admin.php?page=ays-pb&action=add 2. Set its "Custom content...
CVE-2023-5231
The Magic Action Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.17.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...